i40e: Fix filter input checks to prevent config with invalid values

Prevent VF from configuring filters with unsupported actions or use
REDIRECT action with invalid tc number. Current checks could cause
out of bounds access on PF side.

Fixes: e284fc280473 ("i40e: Add and delete cloud filter")
Reviewed-by: Andrii Staikov <andrii.staikov@intel.com>
Signed-off-by: Sudheer Mogilappagari <sudheer.mogilappagari@intel.com>
Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Bharathi Sreenivas <bharathi.sreenivas@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>

diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 3f99eb1982452725caa0548f01329350300cd8b9..031b15cceab929f3124b580f0d73c713faecc908 100644 (file)
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -3521,16 +3521,16 @@ static int i40e_validate_cloud_filter(struct i40e_vf *vf,
        bool found = false;
        int bkt;
 
-       if (!tc_filter->action) {
+       if (tc_filter->action != VIRTCHNL_ACTION_TC_REDIRECT) {
                dev_info(&pf->pdev->dev,
-                        "VF %d: Currently ADq doesn't support Drop Action\n",
-                        vf->vf_id);
+                        "VF %d: ADQ doesn't support this action (%d)\n",
+                        vf->vf_id, tc_filter->action);
                goto err;
        }
 
        /* action_meta is TC number here to which the filter is applied */
        if (!tc_filter->action_meta ||
-           tc_filter->action_meta > I40E_MAX_VF_VSI) {
+           tc_filter->action_meta > vf->num_tc) {
                dev_info(&pf->pdev->dev, "VF %d: Invalid TC number %u\n",
                         vf->vf_id, tc_filter->action_meta);
                goto err;